Incorrect claim type

DaI*_*mTo 4 c# asp.net-core identityserver4

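I am currently developing an API. The tokens are returned from IdentityServer4.

I am trying to get the sub id, which is the id of the currently authorized user, from the claims in the token. I can see it in the claims here.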

{
  "nbf": 1512632838,
  "exp": 1512636438,
  "iss": "http://localhost:5000",
  "aud": [
    "http://localhost:5000/resources",
    "testapi"
  ],
  "client_id": "ServiceAccountAccess",
  "sub": "21248582",
  "auth_time": 1512632823,
  "idp": "local",
  "name": "TestUser",
  "resource_id": "21260601",
  "xena_fiscal_id": "21875",
  "fiscal_name": "My company",
  "picture_url": "/Content/images/avatar-company-xena.jpg",
  "application_id": "16140911",
  "scope": [
    "openid",
    "profile",
    "testapi"
  ],
  "amr": [
    "password"
  ]
}

My API call is very simple

    [Authorize]
    public async Task<ActionResult> ChangeFiscal([FromBody] long fiscalId)
    {

        var name = User.Claims.Where(c => c.Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier")
            .Select(c => c.Value).SingleOrDefault();

    }

What I don't understand is why sub, or subject, is being turned into

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier


I can see from the API that it has done this to quite a few of the claims

{
  "nbf": 1512653706,
  "exp": 1512657306,
  "iss": "http://localhost:5000",
  "aud": [
    "http://localhost:5000/resources",
    "testapi"
  ],
  "client_id": "ServiceAccountAccess",
  "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier": "21248582",
  "auth_time": 1512652100,
  "http://schemas.microsoft.com/identity/claims/identityprovider": "local",
  "name": "TestUser",
  "supporter": "21248582",
  "http://schemas.microsoft.com/claims/authnmethodsreferences": "password",
  "resource_id": "21527443",
  "xena_fiscal_id": "21876",
  "fiscal_name": "this",
  "picture_url": "/Content/images/avatar-company-xena.jpg",
  "scope": [
    "openid",
    "profile",
    "testapi"
  ]
}

DaI*_*mTo 5

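It took us an hour to figure out that the Microsoft JWT handler converts these standard claims to Microsoft proprietary claims.

By adding the following line to the startup Configure method, I was able to turn off this annoying "feature"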

JwtSecurityTokenHandler.InboundClaimTypeMap.Clear();

  • May have changed in newer versions, but I had to use "DefaultInboundClaimTypeMap". (2 upvotes)
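
The mapping discussed in the answer and comment above, as an added example that is not part of the original posts: a console program that validates one token with a default `JwtSecurityTokenHandler` and with one whose inbound map is cleared, then prints which claim type ends up carrying the subject id. It assumes System.IdentityModel.Tokens.Jwt 5.x or later, where `InboundClaimTypeMap` is an instance property; the signing key and token are constructed for the demo.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.IdentityModel.Tokens;

class ClaimMapDemo
{
    // Validates the token and returns the claim type that carries the subject id.
    static string SubjectClaimType(JwtSecurityTokenHandler handler, string token,
                                   TokenValidationParameters parameters)
    {
        ClaimsPrincipal user = handler.ValidateToken(token, parameters, out _);
        Claim subject = user.FindFirst(c => c.Value == "21248582");
        return subject?.Type ?? "(not found)";
    }

    static void Main()
    {
        // Constructed demo key and token; IdentityServer4 signs with its own key.
        var key = new SymmetricSecurityKey(
            Encoding.UTF8.GetBytes("constructed-demo-key-0123456789abcdef"));
        var jwt = new JwtSecurityToken(
            issuer: "http://localhost:5000",
            audience: "testapi",
            claims: new[] { new Claim("sub", "21248582"), new Claim("idp", "local") },
            expires: DateTime.UtcNow.AddMinutes(5),
            signingCredentials: new SigningCredentials(key, SecurityAlgorithms.HmacSha256));
        string token = new JwtSecurityTokenHandler().WriteToken(jwt);

        var parameters = new TokenValidationParameters
        {
            ValidIssuer = "http://localhost:5000",
            ValidAudience = "testapi",
            IssuerSigningKey = key
        };

        // Default handler: short JWT claim names are rewritten to long schema URIs.
        var mapped = new JwtSecurityTokenHandler();
        Console.WriteLine("default map: " + SubjectClaimType(mapped, token, parameters));

        // Instance map cleared: claim types stay exactly as they appear in the token.
        var unmapped = new JwtSecurityTokenHandler();
        unmapped.InboundClaimTypeMap.Clear();
        Console.WriteLine("cleared map: " + SubjectClaimType(unmapped, token, parameters));
    }
}
```

Each handler copies the static `DefaultInboundClaimTypeMap` when it is constructed, so in an API the static `Clear()` call has to run before the authentication middleware creates its handler. Authorization code that looks up `"sub"` silently gets no match when the mapping is still active, so check the lookup result for null rather than assuming the claim is present.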